Privacy Policy
Last updated: June 7, 2026
This Privacy Policy describes how OneTradeJournal ("we," "us," or "our") collects, uses, stores, and protects your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and applicable Indian laws.
1. Data Fiduciary Information
Website: onetradejournal.com
Contact: Reach us through our Contact page
Under the DPDP Act, 2023, we are a "Data Fiduciary": the entity that determines the purposes and means of processing your personal data.
2. Data We Collect
We collect only data necessary to provide and improve our services:
| Data Category | What We Collect | Purpose | Legal Basis |
|---|---|---|---|
| Account Data | Name, email address, phone number | Account creation, authentication, support | Consent & Contract |
| Trading Data | Trade entries, P&L, notes, screenshots, broker imports | Core journal service, analytics, AI analysis | Contract |
| Payment Data | Transaction ID, plan type, billing history | Subscription management, invoicing | Contract & Legal Obligation |
| Usage Data | Pages visited, features used, device info, IP address | Analytics, performance improvement, security | Legitimate Interest |
| Communication Data | Support emails, feedback, chat messages | Customer support, service improvement | Consent |
Note: We do not collect your brokerage login credentials, Demat account numbers, or bank account details. Payment card details are processed directly by Dodo Payments and never stored on our servers.
Public Profile & Leaderboard Visibility
OneTradeJournal is a community-oriented trading journal. To enable community features like leaderboards and profile discovery, the following fields are publicly visible to other authenticated users by default when you create an account:
- Your username and avatar
- Your daily/weekly/monthly profit & loss rank on the leaderboard
- Your aggregate trading statistics (win rate, total P&L, trade count) if you enable public profile
Your individual trade details, notes, screenshots, and personal identifiers (email, phone, real name) are never exposed via these features unless you explicitly choose to share a specific trade using the share link feature.
You can opt out at any time: go to Settings → Privacy & Visibility and toggle off Public Profile and/or Show on Leaderboard. The change takes effect immediately. This is an essential consent disclosure under Section 6 of the DPDP Act, 2023.
Your Content & Platform Licence
When you create content on OneTradeJournal, including strategy playbooks, custom strategy documentation (thesis, setup, patterns, indicators, confluences), trade notes, screenshots, and feedback, you grant us a worldwide, royalty-free, perpetual licence to:
- Host, store, display, and process the content to provide the service to you;
- Compute and surface anonymised aggregate metrics (e.g., per-strategy win rate, profit factor, popularity) across the platform, only after a privacy floor of multiple users and trades is met, so individuals cannot be re-identified;
- Use your content to power AI-driven trade analysis and educational features, including comparing your trading against platform-wide benchmarks;
- Display attribution-free aggregates on leaderboards, library cards, and educational surfaces for the benefit of all users;
- Improve our product, train internal models on de-identified content, and produce summary insights.
We do not publish your raw trades, identifiers, or personally-identifying information from this content unless you explicitly choose to (e.g., via a public share link). You retain ownership of everything you create. You can delete your account at any time; aggregated, anonymised metrics that have already been computed may persist (since they no longer identify you).
By using the playbook, journaling, and AI features you accept this licence as part of our Terms of Service and this Privacy Policy.
3. How We Use Your Data
- To provide, operate, and maintain the OneTradeJournal platform
- To process your trade entries and generate analytics/reports
- To power AI-based trade analysis and insights using OpenAI GPT models
- To process payments and manage subscriptions via Dodo Payments
- To send transactional emails (account verification, password reset, billing receipts)
- To respond to support requests and feedback
- To detect fraud, prevent abuse, and ensure platform security
- To comply with applicable laws, regulations, and legal processes
4. Third-Party Data Processors
We share your data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenAI | AI trade analysis | Trade data submitted for analysis | USA |
| Dodo Payments | Payment processing | Payment details, email, phone | India |
| Supabase (AWS) | Database hosting | All account and trading data | India/Singapore (AWS ap-south-1) |
| Google Analytics | Usage analytics | Anonymized usage data, device info | USA |
We do not sell, trade, or rent your personal data to any third party.
5. Cross-Border Data Transfers
When you use AI analysis features, your trade data is transmitted to OpenAI's servers in the United States for processing by GPT models. This transfer is necessary to provide the AI analysis service you have requested. OpenAI processes this data solely for generating your analysis and does not use it to train their AI models. By using AI analysis features, you consent to this cross-border transfer in accordance with Section 16 of the DPDP Act, 2023.
Anonymized usage data may also be processed by Google Analytics servers located outside India.
6. Your Rights Under the DPDP Act, 2023
As a "Data Principal," you have the following rights:
- Right to Access: Request a summary of your personal data being processed and the processing activities.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to Portability: Export your trading data in a machine-readable format (CSV/JSON) from your account settings.
- Right to Nominate: Nominate another individual to exercise your data rights in case of your death or incapacity, as per Section 14 of the DPDP Act.
- Right to Raise a Complaint: File a complaint with us if you believe your data has been mishandled.
- Right to Withdraw Consent: Withdraw consent for data processing at any time. Note that withdrawal may affect your ability to use certain features.
To exercise any of these rights, reach us via our Contact page. We will respond within 30 days of receiving your request.
7. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this policy:
- Account & Trading Data: Retained while your account is active. Deleted within 30 days of an account deletion request, unless required by law.
- Financial/Transaction Records: Retained for 5 years from the date of transaction, as required under the Companies Act, 2013 and GST regulations.
- Tax-Related Records: Retained for 6 years as per the Income Tax Act, 1961.
- AI Analysis Logs: Automatically purged after 90 days.
- Usage/Analytics Data: Anonymized and retained for up to 24 months.
- Support Communications: Retained for 2 years after resolution.
After the retention period expires, data is securely deleted or irreversibly anonymized.
8. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights, we will:
- Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under the DPDP Act, 2023.
- Notify affected users without unreasonable delay via email and/or in-app notification.
- Provide details of the breach, data affected, steps taken, and remedial actions.
- Take immediate steps to contain and mitigate the breach.
9. Cookies & Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled as the platform will not function without them.
- Analytics Cookies: Used to understand how you use the platform and to improve our services. You may opt out of analytics cookies via your browser settings.
We do not use advertising or third-party tracking cookies.
10. Security Measures
We implement industry-standard security measures to protect your personal data:
- Encryption at rest: AES-256 encryption for stored data
- Encryption in transit: TLS 1.2+ for all data transmissions
- Access controls: Role-based access following the principle of least privilege
- Authentication: Secure password hashing, optional two-factor authentication
- Infrastructure: Hosted on SOC 2-compliant cloud infrastructure (AWS via Supabase)
- Monitoring: Continuous monitoring for unauthorized access attempts
While we take all reasonable precautions, no method of electronic storage or transmission is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication.
11. Children's Privacy
OneTradeJournal is intended for users aged 18 years and above. We do not knowingly collect or process personal data from individuals under the age of 18. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor has provided us with personal data, please contact us via our Contact page.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email notification and/or a prominent notice on the platform at least 15 days before the changes take effect. Your continued use of OneTradeJournal after the effective date constitutes acceptance of the updated policy.
13. Complaints
If you have a complaint about how your data is handled, reach us via our Contact page. We will acknowledge your complaint within 24 hours and endeavor to resolve it within 15 days of receipt.
If you are unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India as established under the DPDP Act, 2023.
14. Contact Us
For questions or concerns about this Privacy Policy or your personal data:
Contact: Reach us through our Contact page